[BUG] What if sombody uses our PROF_SHMEM_KEY?

Jim McDonough jmcd at us.ibm.com
Fri Sep 7 06:05:01 GMT 2001

Andrew Bartlett wrote:
> I'm a little worried about what happens if somebody else uses the same
> shared memory key as samba:  From what I have seen, if somebody else (in
> particular an unprivileged user) creates a SHM segment with the correct
> key they can prevent any SMBD from starting on the system.
I'm curious...is there a reason why a fixed key is used?  That's the whole
purpose of ftok().  I know, I know, you can create duplicate keys if a
fs/dev has more than 65K inodes used, and yes, I've seen in happen before.

> This is because we check that root created the shm segment before we use
> it.
> With the recent changes to always build create the profiling shared
> memory area - and the dropping of the root-ownership check, I'm a little
> worried about the implications if we overwrite another processes data.
> (I have a patch to restore this check, in the form of
> sec_inital_uid()).

Checking that who created it doesn't guarantee anything.  It may not even
save many headaches...  Shouldn't the check include checking the magic
number and version?  Wouldn't that go a whole lot further in verifying that
we're not overwriting another processes data?  What is the purpose of the
magic number, if not for a check?

Jim McDonough
IBM Linux Technology Center
6 Minuteman Drive
Scarborough, ME 04074

jmcd at us.ibm.com

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list